Related Answers
Download topic as PDF
Add users to the search head cluster
To add users to the search head cluster, use either LDAP or Splunk Enterprise built-in authentication. You should ensure that all cluster members use the same set of users, with the same set of roles.
Use LDAP to add users
To add users through LDAP:
1. Edit a copy of authentication.conf for your LDAP environment. See "Configure LDAP with the configuration file" in the Securing Splunk Enterprise manual.
2. On a separate test instance, ensure that the authentication functions properly.
3. Place the edited copy of the file on the deployer. See "Use the deployer to distribute apps and configuration updates." As explained in that topic, you must place standalone files like this one in a subdirectory under $SPLUNK_HOME/etc/shcluster/apps.
4. Push the deployer's configuration bundle, including this file, to the cluster members. See "Push the configuration bundle."
Use Splunk Enterprise built-in authentication to add members
To use the built-in authentication method, you must add each user to each cluster member. This is necessary to generate the $SPLUNK_HOME/etc/passwd file on each member.
It is recommended that you script this:
1. Create a script that adds each user through the splunk add user CLI command. See "Configure users with the CLI" in the Securing Splunk Enterprise manual.
2. Run the script on each cluster member.
|
PREVIOUS Connect the search heads in clusters to search peers |
NEXT Use a load balancer with search head clustering |
This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.3.14
Feedback submitted, thanks!